Personal data residing or in transit, across and between administration networks
are the focus of extensive security efforts. Encryption should be deployed judiciously.
In this presentation, check how we safeguard information, processes and procedures
in three practical cases:
• Data-processing tools to fight social fraud (OASIS datawarehouse)
• Sign and deposit of notary acts (e-Depot platform)
• Identity Management at European-level (Services directive)
Information Society with Absolute Trust in the Services
1. Gov IT Summit 2009 – Antwerpen, 21 Septembre 2009
Information Society
with Absolute Trust in the Services
Luc Gathy
page 1
2. What citizens expect ?
Factors encouraging the use of e-ID
The assurance that the law on data protection is complied with
The guarantee that the data is not sold on or re-used
A label or logo proving that the service is secure
An individual file of my data and transactions so that I know
what information about me is held
Obtaining a receipt after providing information
Information on the information system
Information on how the data I have provided is used
Testimonies of people who have used the system.
page 2
3. What citizens expect ?
Factors encouraging the use of e-Services
If my privacy is completely respected
If I can choose which personal data I want to provide
If the service is free
If the service saves me time
If it is very easy to register
If my friends have strongly recommended it to me
Who should offer these services
A government organization (federal, local),
A company, a specialist service provider
A non-profit organization
page 3
4. To summarize ...
Active and responsible relation is expected with Public Services
Simplification and rapidity as issuing conditions to the usage of e-
Services to organize “my” everiday life
Transparency
Methods of conserving and consulting data
Conditions for storing this data
Controls in place, also for subcontractors involved in processing
the personal data
Consistency intra- and between platforms (codes, signs and products)
No extra cost
page 4
5. e-Depot :Overview
Notary
1 2 3 4 5
e-Notariat
interface
Consult Monitor the
Write deed Deposit digital Update e-Gov
authentic status of
and extracts deed sources
sources deposits
e-Gov
interface
Moni-
National Bis Company Justice teur
register register register files Belge (*)
Dep. Social
Inneres security Dep. Economy Department Justice
(*) Belgian Official Gazette
Clerk Citizen
page 5
6. e-Depot: Partnership & SOA infrastructure
Tracebility through “Certificates chain”
and “Timestamping” (XAdES standards) Social Server
KSZ security NationalServer
RRN register
Server Server
L
AM
n
rtio
üS
(3)
se
as
Logs
Notaris 4
Notary 4
eID
Real Server Server r
Card certificaat certificaat Nat N 4
1 Nat Nr eID 2 Nat Nr eID
Notaris
Notary KFBN Server
FRNB Server Federal Server
FSB
service
bus (FSB) Server
6 5/7
Notaris
Notary
FOD/Justitie
Dep. Justice FOD/Economie
Dep. Economy
Server Server
Server Server
page 6
7. e-Depot: New workflow
Find physical(s) person(s)
FPHP by National number Dep.
RRN
Inneres
Notary
Notariaat Find foreign natural
person(s) Social
KSZ
security
Creation / Update of data
FMOP
Find a moral person (company’s /
enterprise’s) FOD
Dep.
FRNB Portal economy
Economie Deed preparation
PRSU Deed processing
Federal service bus (FSB)
Creation of a new enterprise Dep.
FOD
( New Enterprise number created )
economy
Economie
KFBN FSB -NOT
-
Deposition of deeds Dep.
FOD
e-Depot Justice
( Submission of files, Justitie
(web)
number & date of deposit returned )
services
Activation of the enterprise FOD
Dep.
Economie
economy
Publication in the “Moniteur”
Dep. FOD
Dep.
Justice Justitie BS
Justice
( Date of publication)
FPHP = Manage phy sical person details
FMOP = Manage mo ral person details Forward of the final status to Moniteur
the network Dep.
FOD Belge
PRSU = Process sub mittal of an electronic
notary deed
Justice
Justitie
page 7
8. e-Depot: A best practice
We meet the “Trust” requirements:
« Authentic digital
Act
Signed
Electronically »
Recognition:
&
http://www.epractice.eu/cases/edepot
page 8
9. OASIS: Overview
Registre national
DMFA
Dimona
Chômage Chantiers
(ONEM) (Construction)
Travail- Employ-
leurs eurs Comptes &
recouvrements
Actions sur les
«Sources authentiques»
Vue «Employeur »
Déclarations
Vue «Travailleur » Fichier Dettes TVA
TVA
Clients-fournisseurs page 9
13. OASIS: Recognition
“Crime such as fraud cause loss of revenue and require human resources
to trace and handle them. Electronic systems for fraud detection can
increase the detection rate by automatically carrying out checks and
controls.
The Belgian Anti-Fraud Datawarehouse project has developed a model
whereby the need for precious resources in terms of both time and
personnel has been cut and which has enabled more focused
investigations leading to an increased apprehension rate.
This example also illustrates as possible solution to tackle issues related
to security and trust, a major concern for both front and back office users
and for clients.”
Ecrit par Christine Leitner (Head of eEurope Awards Project Management
Secretariat and Senior Lecturer, EIPA Maastricht) dans la revue “Eipascope”
numéro 2004/1 page 40.
More details: http://www.epractice.eu/cases/OASIS2
page 13
14. OASIS: What about « Big Brother » syndrome ?
« Commission for the protection of privacy » special autorisation:
Délibération n° 01/06 du 6 mars 2001 relative à une demande du Ministère
des Affaires sociales, de la Santé publique et de l'Environnement pour la création et la
gestion d'une banque de données OASIS, en vue de la lutte contre la fraude sociale dans les
secteurs de la construction, de la construction métallique, de l'électricité et des parcs et
jardins.
Délibération n° 05/001 du 18 janvier 2005 relative à la création et gestion
de la banque de données OASIS en vue de la lutte contre la fraude sociale - Extension de
l'autorisation comprise dans la délibération n° 01/06 du 6 mars 2001.
Encryption of the personal data
For the detection process
... With limited opportunities to retrieve the original version
In the investigation process
page 14
15. Positioning of Belgium
Reliability of our Civil Register (Parent database)
Contains the “founding documents” upon which identification
security is to be based
A unique identification system
Not multiple unified or partitioned
Traceability of all transactions performed, e.g. by Civil servants
Example: “Mondossier” or “MyFile”
e-ID as an electronic identification system guaranteed by the State
A “Service-oriented” State in construction
For the Individual/Citizen: State’s back office own structure hidden
(“Citizen Centric”), facilitation for learning, promoting the service,
accessibility and responsiveness (face-to-face and electronic)
For government bodies: Migrate from paper-based to electronic
culture, prioritization of the need for transparency, maintain “Social
cohesion”, cross-functional shared framework (for the fluidity of the
processing), Circle of Trust, legal validity of paperless procedures.
page 15
16. Positioning of Belgium
Protection of individual’s privacy and personal data
Principle of “end goals” (bind to mandates) and
“proportionality” (Example: Driving licence = 18 or over No need to
know the age or date of birth)
Five Trusted party commissions for privacy protection,
compartmentalized by domain;
Public-sector administration/Interior ministry
Finance
Health
Social matters
Justice
Introduction or mixed access to commercial and non-commercial
services carried out with great precision.
... And ensuring the public’s interests !
page 16
17. Services Directive: Overview
Abolish restrictive legislation and practices hindering service
providers
Set up Point of Single Contact
Applicants must be able to:
– Find rules and formalities they need to comply with
– Complete applications electronically (submit application forms,
supporting documents, fee payment)
Autorités Compétentes
« Interlocuteur
Prestataire Prestataire unique »
établi de services
Guichet
Unique
Prestataire
non établi
Administration co-operation improved with counterparts in other
EU countries
page 17
18. Services Directive: Issues
Recognition of electronic documents across Member States (MS)
borders, requires:
Common set - or at least understanding – of signature and
document formats (structured and unstructured)
Necessary information for validation of e-Docs
Signature format for (qualified) electronic signature should be
defined
Date of public registers has to be accessible (read only) to
authorities of MS, involves questions:
How to identify a requesting authority? eID LSP STORK
How to search for and find a certain record in accordance with
national data protection rules?
How to retrieve and validate it?
page 18
19. Services Directive: Issues (continue)
Point of Single Contact
Authentication Service Federal Authentication Service
+
Federated Identity and CA
Access Management (FIAM) CA
FAS CA
+
Trust relationship IdP
CA
PsC IdP
SSO
IdP
SP IdP
SP
SP
SP
SP SP IdP: Identity provider
SSO: Single-sign-on
SP: Service provider
CA: Certification authority
page 19
20. Services Directive: Issues (continue)
e-Delivery
service
MS A
Additional
issues
e-Procedure e-Doc safe
MS B
page 20
21. Services Directive: Issues (continue)
National e-delivery systems have to become interoperable:
How can a sending authority find the appropriate messaging
service?
How to interface with it?
How to identify individual recipients and their addresses?
How to get confirmation of delivery and receipt?
Data safes can make online transactions during an official
procedure more efficient, comfortable and user friendly, but:
How to access an e-Document safe of MS A across borders
during an electronic transaction in MS B?
How to retrieve a particular document?
How to authorise public authorities for asynchronous access to
data safes?
Is there a need for a standard document inventory to find
equivalent in other MS?
page 21
22. Services Directive: Issues (continue)
Cross border payment of administrative fees:
Service providers should be able to use their local payment
system (e.g. credit card and online banking) with foreign public
administrations
Common service directory needed:
Description of service interface as well as of process models
Service orientation independently of a particular national portal
Allowing integration (partial or complete) in others MS !
page 22
23. Conclusion
Authority
Trust
Traceability
Transparency
= Four “untouchable” fundamental components !
Included in our future work to avoid…
page 23